There has been another rise of the “can we trust the cloud!” type articles recently. They normally come from two perspectives:

Consumer

“See what happened with Sony! Nothing is safe!” Or, “can you really trust your data on a cloud such as Google’s? If you use a Chromebook and everything is up there, you are just a subpoena away from the government seeing that data!”

There are valid issues to think about, but we also quickly forget the last time the hard drive crashed and your data was lost.

Enterprise / Companies Building Software

The Amazon meltdown sent shocks around the Web on this one. A friend’s company had just migrated from their own servers to Amazon and suddenly the business was wondering if that was a smart choice. Much like in the consumer space, we often forget about the time that someone hacked into your operations, or some other issue occurred.

The thing is, if you can help it, you shouldn’t trust any one thing. If you are on a “cloud” make sure that you are in multiple regions.

The LearnBoost crew were one step ahead of the Amazon issue and posted about their redundancy, how they used regions, and how they used mongo replication to make sure the data was there.

Ideally though, you should think about going beyond one provider. At some point it would be nice to have insurance policies between these providers so you can hot swap if there is an issue.

This is why I was a fan of CloudFoundry when I first heard about it from the VMware crew a few months back. They have managed to provide a stack that is high level enough (e.g. you have apps and services and you choose how they talk together) but open in many dimensions: you can use different languages, platforms, and frameworks… but the core underlying system is also able to run on multiple clouds. This is huge. One chap wrote a piece on the fact that open sourcing the system is a gimmick, but having vcap out there has enabled a slew of people to port it on top of their systems.

At the end of the day, this means that I can run on top of vcap with my nice vmc scripts, but behind the scenes I am a mere vmc target othercloud.com away.

We haven’t talked much about how we use CloudFoundry for FunctionSource, but it has been a real pleasure and we are early customers! Being able to vmc instances +10 makes me feel like I am in the future, and the developer ergonomics are very strong. I love being able to cd into an existing node app and vmc push the puppy up in a second.

The cloud isn’t a silver bullet, but being able to cede network and sys-admin duties has been a pleasure. Thanks to the open source nature of the product, the core system runs all over the place (including on Amazon) which means I can get my redundancy and failover without massive pain.

Feels like the best of all worlds…. the cloud is here to stay folks, just give yourself some backup.

One Response to “Multi-cloud; Preparing yourself”

On the privacy aspect, it’s certainly possible to store high value data encrypted on the server and client, and decrypt on the client. It’s also possible, in a limited fashion, to have the server perform computations on encrypted data without being able to see it (recent breakthroughs in secure multiparty computation), but even without fancy secure-multiparty computation, there are ways to limit exposure to massive hacks. Let me give you an example.

Let’s say you are running a cloud based email service and storing all of my email for me. Now, if your server needs access to the contents of the email, it will need to see it decrypted. Let’s imagine every email is stored encrypted with a session key (DES/AES) and that key is encrypted with public key cryptography.

When the client asks for the operation to be performed on the mail by the server, it can hand it the decrypted session key (but not the private key!). This permits the server to decrypt that single message, and only that message. Interception of that key will not allow theft of any other message. So what this means is, if a hacker attacked the email database, he could get just the messages that had been transiently decrypted in memory. If he was really good, he’d install something to log all session keys as they are provided by the client, and lay low. In which case, he could grab every message as long as he goes undetected.

Through proper planning and architecture, the surface area of hacks can be limited. I don’t at all believe that Sony’s online security was close to industrial strength. They rushed PSN because X-Box Live had a year head start, and I bet they cut corners.

This is the company that had a *super* elaborate HW DRM system on the PS3, but who stupidly used the same random number for every key. It’s like having an unbreakable one-time-pad system, except ignoring the “one” part of “OTP”.
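
The per-message session key scheme described in the comment above, as an added Node.js example that is not part of the original post or comment. All function names and the sample mail are constructed for illustration; AES-256-GCM and RSA-OAEP are assumed choices for the "session key" and "public key cryptography" the comment mentions.

```javascript
// Added example: envelope encryption with one session key per stored message.
// Function names are hypothetical; the mail contents are constructed samples.
const crypto = require('crypto');

// Client side: the RSA key pair is generated and kept on the client.
function newClientKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// At rest: a fresh AES-256-GCM session key per message, wrapped with RSA-OAEP.
function storeMessage(publicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, sessionKey);
  return { iv, body, tag: cipher.getAuthTag(), wrappedKey };
}

// Client side: unwrap the session key of ONE record; the private key stays local.
function releaseSessionKey(privateKey, record) {
  return crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, record.wrappedKey);
}

// Server side: decrypt a record with a key the client released.
// Returns null when the key does not belong to this record (GCM tag mismatch).
function serverDecrypt(record, sessionKey) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', sessionKey, record.iv);
    d.setAuthTag(record.tag);
    return Buffer.concat([d.update(record.body), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// The client releases the key for message 0 only; the same key is then
// tried against message 1, as an interceptor of that key would.
function demo() {
  const { publicKey, privateKey } = newClientKeys();
  const mailbox = ['constructed mail #1', 'constructed mail #2']
    .map((m) => storeMessage(publicKey, m));
  const key0 = releaseSessionKey(privateKey, mailbox[0]);
  return {
    released: serverDecrypt(mailbox[0], key0),
    other: serverDecrypt(mailbox[1], key0),
  };
}
```

The limit holds only for keys that were never released: anything that records session keys as the client hands them over sees every message those keys open, which is the case the comment ends on.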
